Exposing a sensitive environment variable in the configuration can lead to credentials leak
| Severity | Exploitability | Providers | Categories |
|---|---|---|---|
| CRITICAL | HIGH | AWS | SECRET |
Description
The value of a sensitive environment variable is defined in plaintext.
Impact
| Potential data exposure | Visible in logs | User interaction required | Privileges required |
|---|---|---|---|
| True | False | False | True |
The secret is exposed to anyone with access to the configuration and from the AWS Management Console.
Remediation guidelines
Secrets should be pulled from a secure secret storage by the service using them.
References
Was this page helpful?
